自定义spring security内部网络客户端

c8ib6hqw  于 2021-09-30  发布在  Java
关注(0)|答案(1)|浏览(337)

在咖啡馆hotspot wifi中工作时,我注意到spring security在解析中设置的jwk uri时失败 application.yml :


# application.yml

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://some.vendor.com/.well-known/jwks.json

我注意到我自己的另一段使用 org.springframework.web.reactive.function.client.WebClient ,我可以通过更改地址解析程序来修复,如中所示:

val jvmBlockingResolver = HttpClient.create().resolver(DefaultAddressResolverGroup.INSTANCE)
val webClient = WebClient
            .builder()
            .clientConnector(ReactorClientHttpConnector(jvmBlockingResolver))
            .build()

在spring安全代码中,我发现了以下几行代码:

// NimbusReactiveJwtDecoder.java
package org.springframework.security.oauth2.jwt;

/* ... */

import org.springframework.web.reactive.function.client.WebClient;

/* ... */

// line 383:
source.setWebClient(this.webClient);

现在我坚信这个错误就是因为这个 WebClient . 有没有办法解决这个问题?
我在想我可以注射我的 WebClient bean,但是现在我已经看到了代码,我认为这不起作用。我找错地方了吗?这是spring安全限制还是bug?

kcrjzv8t

kcrjzv8t1#

感谢@toerktumlare的评论,我能够利用他的建议创建一个定制bean:

@Bean
fun reactiveJwtDecoder(): ReactiveJwtDecoder {
    val jvmBlockingResolver = HttpClient.create().resolver(DefaultAddressResolverGroup.INSTANCE)
    val connector = ReactorClientHttpConnector(jvmBlockingResolver)
    val webClient = WebClient.builder().clientConnector(connector).build()
    return NimbusReactiveJwtDecoder.withJwkSetUri("https://example.com/.well-known/jwks.json")
        .webClient(webClient)
        .build()
}

也可以使用 SecurityWebFilterChain 建设者:

.oauth2ResourceServer {
    val jvmBlockingResolver = HttpClient.create().resolver(DefaultAddressResolverGroup.INSTANCE)
    val connector = ReactorClientHttpConnector(jvmBlockingResolver)
    val webClient = WebClient.builder().clientConnector(connector).build()
    it.jwt().jwtDecoder(
        NimbusReactiveJwtDecoder
            .withJwkSetUri("https://example.com/.well-known/jwks.json")
            .webClient(webClient)
            .build()
    )

}

相关问题